On Wed, Mar 29, 2023 at 9:37 AM Kamil Dudka via curl-library <curl-library@lists.haxx.se> wrote: > > `curl -v` started to print an excessive amount of output for a TLSv1.3 > connection. Is it really useful to get two lines of verbose output for > each chunk of data (sometimes 1B) transferred over a TLS connection?
Depending on what you are debugging, instead of -v you can sometimes use -D /dev/stderr in order to print only the headers, and not the connection stuff. > > > $ curl -V > curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k > zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) > libssh/0.9.6/openssl/zlib nghttp2/1.33.0 > Release-Date: 2018-09-05 > Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 > pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp > Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB > SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL > > $ curl -Lfsvo/dev/null https://static.snyk.io/cli/latest/snyk-linux > * Trying 2a02:26f0:dc:39a::ecd... > * TCP_NODELAY set > * connect to 2a02:26f0:dc:39a::ecd port 443 failed: Network is unreachable > * Trying 2a02:26f0:dc:39b::ecd... > * TCP_NODELAY set > * connect to 2a02:26f0:dc:39b::ecd port 443 failed: Network is unreachable > * Trying 104.64.115.38... > * TCP_NODELAY set > * Connected to static.snyk.io (104.64.115.38) port 443 (#0) > * ALPN, offering h2 > * ALPN, offering http/1.1 > * successfully set certificate verify locations: > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > CApath: none > } [5 bytes data] > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > } [512 bytes data] > * TLSv1.3 (IN), TLS handshake, Server hello (2): > { [122 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > { [35 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, Certificate (11): > { [3104 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, CERT verify (15): > { [264 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, Finished (20): > { [52 bytes data] > * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > } [1 bytes data] > * TLSv1.3 (OUT), TLS handshake, [no content] (0): > } [1 bytes data] > * TLSv1.3 (OUT), TLS handshake, Finished (20): > } [52 bytes data] > * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 > * ALPN, server accepted to use http/1.1 > * Server certificate: > * subject: C=GB; L=London; O=Snyk Ltd; CN=snyk.io > * start date: Nov 18 00:00:00 2022 GMT > * expire date: Jul 27 23:59:59 2023 GMT > * subjectAltName: host "static.snyk.io" matched cert's "static.snyk.io" > * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018 > * SSL certificate verify ok. > } [5 bytes data] > * TLSv1.3 (OUT), TLS app data, [no content] (0): > } [1 bytes data] > > GET /cli/latest/snyk-linux HTTP/1.1 > > Host: static.snyk.io > > User-Agent: curl/7.61.1 > > Accept: */* > > > { [5 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [265 bytes data] > * TLSv1.3 (IN), TLS handshake, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [265 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > < HTTP/1.1 200 OK > < x-amz-id-2: > YvlM8X+2Tcdfmp51NLiwgfSOk7HKseAi7XbFSSyN34RlcgqH02uWnYmmnoPa6w9Wc1Xp/GdeN4Y= > < x-amz-request-id: SRGHSEZ3EGAP94NG > < Last-Modified: Tue, 28 Mar 2023 16:10:53 GMT > < ETag: "33cc191c45168278f7621ae86f7555b0-9" > < x-amz-server-side-encryption: AES256 > < Accept-Ranges: bytes > < Content-Type: binary/octet-stream > < Server: AmazonS3 > < Content-Length: 70874981 > < Cache-Control: max-age=296 > < Expires: Wed, 29 Mar 2023 06:59:32 GMT > < Date: Wed, 29 Mar 2023 06:54:36 GMT > < Connection: keep-alive > < X-Frame-Options: SAMEORIGIN > < X-Content-Type-Options: nosniff > < X-Xss-Protection: 1; mode=block > < Strict-Transport-Security: max-age=31536000; preload > < Access-Control-Max-Age: 3000 > < Access-Control-Allow-Methods: GET > < Access-Control-Allow-Origin: * > < > { [15635 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > { [1 bytes data] > * TLSv1.3 (IN), TLS app data, [no content] (0): > [...] > > We have to stop using `curl -v` in csmock plug-ins because of this: > > https://github.com/csutils/csmock/pull/103 > > Same problem with the latest curl upstream git HEAD... > > Kamil > > > -- > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
